Amendments to the Claims 



1 . (Currently Amended) A method of preventing buffer overrun security 
vulnerabilities comprising: 

placing a return address on a stack; 

executing a modified call routine for placing adding a random amount p lurality of 

empty spaee -spaces to a known place e nte-a- on the stack; 
executing a called function; and 

executing a modified return routin e for removing said random amount o ne or . 

more of the plurality of empty spaee -spaces from the stac k to find the 

return address; and 
setting an end of stack pointer to an end of stack frame . 

2. (Currently Amended) The method of claim 1 , wh e r e in said modifi e d call routine 
comprises further comprising : 

placing a r e turn addr e ss for th e call e d function on th e stack; 

calculating a random number; 

saving saki -the r andom number in a secure location; 

placing a plurality of blank bytes equal to the random number ente-to the stack; 
building a stack frame by placing values from the called function eftte-to the 
stack; and 

setting an end of stack pointer to an end of the stack frame. 



3. (Currently Amended) The method of claim 2, wherein said-the location is 
comprises a processor register that is not generally accessible. 
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4. (Currently Amended) The method of claim 1 , wher e in said modified r e turn 
routine comprises further compsing : 

recalling ar the random number saved during an e x e cution of said modifi e d call 
routine ; 

removing a number of bytes equal to sakl- the random number from the stack; 
retrieving ar the return address for the called function from the stack; and 
setting an end of stack pointer to an end of a previous stack frame. 

5. (Currently Amended) The method of claim 1, wh e rein said modifi e d call routin e 
compris e s further comprising : 

placing a return address for the called function on the s tack; 
calculating a hash value of stack invariants; 
saving said -the hash value in a secure location; and 

building a stack frame by placing values from the called function onto the stack. 



Claims 6-11 (Cancelled) 



12. (Currently Amended) An apparatus^ comprising: 

a storage device having stored therein one or more routines for preventing buffer 

overrun security vulnerabilities; and 
a processor coupled to the storage device for executing the one or more routines 

that, when executing the routines, prevents buffer overrun errors by: 
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placing a return address on a stack; 

executing a modified call routine for placing adding a random amount 
plurality of empty spac e spaces to a known place ente-a ron the 
stack; 

executing a called function; ami 

e x e cuting a modified return routin e for removing said random amount one 
or more of the plurality of empty spaee -spaces from the stack to 
find the return address; and 

setting an end of stack pointer to an end of stack frame . 

13. (Currently Amended) The apparatus of claim 12, wherein said modified call 
routin e compris e s further comprising : 

placing a r e turn addr e ss for the call e d function on th e stack; 

calculating a random number; 

saving sakt- the random number in a secure location; 

placing a plurality of blank bytes equal to the random number ante-to the stack; 
building a stack frame by placing values from the called function onto the stack; 
and 

setting an end of stack pointer to an end of the stack frame. 

14. (Currently Amended) The apparatus of claim 13, wherein said-location is 
comprises a processor register that is not generally accessible. 

Claims 15-22 (Cancelled) 
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23. (Currently Amended) A machine-readable medium having stored thereon data 
representing sequences sets of instructions , s aid sequence s of in s truction s which, 
when executed by a processo r machine, cause said proc e ssor the machine to 
prev e nts buffer overrun e rrors by : 

place a return address on a stack; 

ex e cuting a modifi e d call routin e for placing adding a random amount p lurality of 

empty spaee -spaces to a known place ente-on a stack; 
executing execute a called function; and 

e xecuting a modifi e d r e turn routin e for r e moving said random amount remove 
one or more of the plurality of empty spaee -spaces from the stack to find 
the return address; and 

set an end of stack pointer to an end of stack frame . 

24. (Currently Amended) The machine-readable medium of claim 23, wherein said 
modifi e d call routin e compris e s: the sets of instructions which, when executed by 
the machine, further cause the machine to: 

placing a return address for the called function on the stack; 

calculating a random number; 

saving said- the random number in a secure location; 

placing a plurality of blank bytes equal to the random number ente-to the stack; 
building a stack frame by placing values from the called function onto the stack; 
and 

setting an end of stack pointer to an end of the stack frame. 
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25. (Currently Amended) The machine-readable medium of claim 24, wherein said 
the location is- comprises a processor register that is not generally accessible. 

Claims 26-33 (Cancelled) 

34. (New) A system, comprising: 
a storage medium; and 

a processor coupled with the storage medium, the processor to 
placing a return address on a stack, 

adding a plurality of empty spaces to a known place on the stack, 
executing a called function, 

removing one or more of the plurality of empty spaces from the stack to 

find the return address, and 
setting an end of stack pointer to an end of stack frame. 

35. (New) The system of claim 34, further comprising: 
calculating a random number; 

saving the random number in a secure location; 

placing a plurality of blank bytes equal to the random number to the stack; 
building a stack frame by placing values from the called function onto the stack; 
and 

setting an end of stack pointer to an end of the stack frame. 
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36. (New) The system of claim 35, wherein location comprises a processor register 
that is not generally accessible. 
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